content/embeds/replica-of-tls-config.md
To enable TLS for Replica Of cluster connections:
For each cluster hosting a replica:
Go to Cluster > Security > Certificates.
Expand the Replica Of and Active-Active authentication (Syncer certificate) section.
{{<image filename="images/rs/screenshots/cluster/security-syncer-cert.png" alt="Syncer certificate for Replica Of and Active-Active authentication.">}}
Download or copy the syncer certificate.
From the Security tab of the Replica Of source database, select Edit.
In the TLS - Transport Layer Security for secure connections section, make sure the checkbox is selected.
In the Apply TLS for section, select Between databases only.
Select Mutual TLS (Client authentication).
{{<image filename="images/rs/screenshots/databases/security-tls-replica-of.png" alt="Replica Of TLS authentication configuration.">}}
Select + Add certificate, paste or upload the syncer certificate, then select Done.
Repeat this process, adding the syncer certificate for each cluster hosting a replica of this database.
(Optional) To require TLS for client connections, change Apply TLS for to Clients and databases + Between databases and add client certificates.
Select Save.